[tor-dev] Onion Service - Intropoint DoS Defenses

David Goulet dgoulet at torproject.org
Fri May 31 12:21:53 UTC 2019


On 31 May (00:46:56), teor wrote:
> Hi,
> 
> > On 30 May 2019, at 23:49, David Goulet <dgoulet at torproject.org> wrote:
> > 
> > Over the normal 3 intro points a service has, it means 150 introduction
> > per-second are allowed with a burst of 600 in total. Or in other words, 150
> > clients can reach the service every second up to a burst of 600 at once. This
> > probably will ring alarm bells for very popular services that probably get
> > 1000+ users a second so please check next section.
> 
> Do we know how many introduce cells are sent to popular services?
> 
> How can the operators of these services find out their current introduce rate?

Yes, good point.

The only thing we have available is the heartbeat that should read like so:

  log_notice(LD_HEARTBEAT,
             "Our onion service%s received %u v2 and %u v3 INTRODUCE2 cells "
             "and attempted to launch %d rendezvous circuits.",
             num_services == 1 ? "" : "s",
             hs_stats_get_n_introduce2_v2_cells(),
             hs_stats_get_n_introduce2_v3_cells(),
             hs_stats_get_n_rendezvous_launches());

Those counters don't get reset, so to get the rate one needs to compare between
two heartbeats (default is every 6h).

Thus, if any big popular service out there (no need to give the .onion) can
tell us the rate they see, it would be grand!

Thanks!
David

-- 
5UzXP0vqLbSmETrsQZ9XaTIqBR5cOa/yi7T2AaPXzBw=
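
Added example, not part of the original message and not tor's own code: one way an operator could turn the heartbeat lines described above into an INTRODUCE2 rate by differencing the cumulative counters between consecutive heartbeats. The sample log lines are constructed; the timestamp prefix, the `year` parameter and the function name are assumptions.

```python
import re
from datetime import datetime

# Constructed sample log. The message text follows the log_notice() format
# string quoted in the message; the "Mon DD HH:MM:SS.mmm [notice]" prefix is
# an assumption about the log file layout (note that it carries no year).
SAMPLE_LOG = """\
May 30 00:00:00.000 [notice] Our onion service received 0 v2 and 120000 v3 INTRODUCE2 cells and attempted to launch 119500 rendezvous circuits.
May 30 06:00:00.000 [notice] Our onion service received 0 v2 and 552000 v3 INTRODUCE2 cells and attempted to launch 550000 rendezvous circuits.
May 30 12:00:00.000 [notice] Our onion service received 0 v2 and 3360 v3 INTRODUCE2 cells and attempted to launch 3300 rendezvous circuits.
May 30 18:00:00.000 [notice] Our onion service received 0 v2 and 1083360 v3 INTRODUCE2 cells and attempted to launch 1080000 rendezvous circuits.
"""

HEARTBEAT = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\.\d+ \[notice\]\s+"
    r"Our onion services? received (?P<v2>\d+) v2 and (?P<v3>\d+) v3 "
    r"INTRODUCE2 cells and attempted to launch -?\d+ rendezvous circuits\."
)


def introduce2_rates(log_text, year=2019):
    """Return [(interval_end, cells_per_second)] for consecutive heartbeats."""
    samples = []
    for line in log_text.splitlines():
        m = HEARTBEAT.search(line)
        if not m:
            continue  # not an onion service heartbeat line
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        samples.append((when, int(m["v2"]) + int(m["v3"])))

    rates = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        elapsed = (t1 - t0).total_seconds()
        if elapsed <= 0 or c1 < c0:
            # The counters only restart from zero when the process does, so a
            # decrease means a restart happened inside this interval: skip it.
            continue
        rates.append((t1, (c1 - c0) / elapsed))
    return rates


if __name__ == "__main__":
    for end, rate in introduce2_rates(SAMPLE_LOG):
        print(f"{end:%b %d %H:%M}  {rate:.1f} INTRODUCE2 cells/s (interval average)")
```

Each figure is an average over the whole heartbeat interval, so short bursts are flattened out of it.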